We use cookies and similar technologies to recognize your repeat visits and preferences, to measure the effectiveness of campaigns, and improve our websites. For settings and more information about cookies, view our Cookie Policy. By clicking “I accept” on this banner or using our site, you consent to the use of cookies.

Protect yourself from the Wi-Fi KRACK attack

Wi-Fi users with WPA2 network security are not really secure.

Just when you thought it was safe not to use a VPN … wait, did you actually think it was safe not to use a VPN? Say it with me, class – “ALWAYS USE A VPN!” There are literally dozens of reasons to use one, but this is the newest to come to light. And it’s a biggie.

So what just happened?

WPA2 is widely accepted as the preferred Wi-Fi security protocol. This week, a security researcher named Mathy Vanhoef discovered that WPA2 is actually vulnerable to cyberattacks. This is not a matter of certain router brands being more secure than others. That is, it’s not a product problem. It’s endemic in the Wi-Fi standard itself.

Vanhoef found that an attacker in range of the Wi-Fi could exploit the WPA2 weakness using key reinstallation attacks (KRACKs). This tactic works its trickery in the very first moment the unsuspecting user connects to the Wi-Fi. WPA2 uses a security component commonly called the “four-way handshake.” It’s a process whereby the Wi-Fi network authenticates itself to a computer and generates a one-time encryption key for the Wi-Fi session.

A KRACK, however, invades this process and tricks the handshake into reinstalling an already-in-use encryption key. This opens the door for the attacker to see all your personal data passing from computer to Wi-Fi, and vice versa. Depending on your network configuration, the attacker can also send malware or ransomware into the fray.

That’s just great. So now what?

Now that this vulnerability has been exposed, security teams are working on the necessary patches for all of us to install. The patch will take measures to ensure each encryption key is only used once, thus cracking down on those KRACKs. So make sure that all your devices--computers, smartphones, home routers, and any other Wi-Fi enabled devices that you have -- are updated currently, and download the next software updates as soon as they are available.

Keep your online activities private and use a VPN

We also recommend that you use a VPN if you don’t already use one. Virtual private networks protect your privacy online and ensure you are using an encrypted channel and visiting only secure sites. A VPN is essential if you spend time online in trendy coffee shops, airports, hotels and other public Wi-Fi, keeping your web surfing hidden from the prying eyes of hackers.

VPNs protect you when you use public Wi-Fi, but they also protect you at home. Cyberthreats know no bounds, as the world’s newest lucrative crime spree is evolving in every which way. Protect yourself now so that later on, when some unknown cyberattack sweeps through every vulnerable network, you can stand apart from the weeping masses and gloat, “You all should have used a VPN like I did! Didn’t you read that HMA! blog post?!”

Jokes aside, we all need to protect ourselves with VPNs. It used to be just a good idea, but now it’s critical. Learn more about the HMA! VPN, and keep yourself safe from online harm.